ILIAS Security Group

Reporting Security Issues

Please understand that security issues must be treated confidentially to keep ILIAS installations as safe as possible until the issue is fixed.

Please follow the process described in detail below. You will receive an answer from a member of the ILIAS security group about further steps.

Do not file an issue in the bugtracker!

  1. Write an email to [email protected] about your discovery, containing a description of the issue with the scenario in which the problem is triggered and a description of its implications. Please provide all necessary steps to reproduce the issue. We kindly ask you to withhold full disclosure of the issue until a fix is ready and the new release has been built and made available to everyone (full disclosure about 1 week after the new release is published).
  2. The Security Group will assign an issue manager.
  3. The issue manager will look into the issue and try to reproduce the problem.
  4. The issue manager will contact you on behalf of the ILIAS e.V. by email. We are grateful for any further help/information you can provide during the analysis and bugfixing process.
  5. Depending on the severity and impact of the issue at hand, the developers will build a new release ASAP or continue with the default roadmap.
  6. Optional: We are very interested in giving proper credit for your finding and your support for the project. If you want to, we can include your name and/or institution in our release notes. We will not publish your name or the name of your institution without your consent.

Publishing Fixes for Security Issues

We are delighted when solutions are offered together with the initial report. Please be aware, however, that our repository on GitHub is also open to the general public: commits, commit messages and pull requests can be viewed by anyone. It is therefore also better in this case to get in touch with [email protected] in order to discuss further steps with us.

Security Update Notifications

Please subscribe to our admin mailing list ([email protected]) to get notifications about security updates, updates in general and announcements for ILIAS server administrators.

Contributors

  • Robin Baumgartner, sr solutions ag, Burgdorf, Switzerland
  • Tim Bongers, CaT Concepts and Training GmbH, Cologne, Germany
  • Rob Falkenstein, University of Freiburg - IT Services, Germany
  • Manuel G. Müller, Qualitus GmbH, Cologne, Germany
  • David Tokar, WEKA Media GmbH & Co. KG, Kissing, Germany